Privacy Policy

1. Introduction

WorkMate Ltd ("WorkMate", "we", "us") operates the WorkMate services marketplace at workmate.ie. We are the Data Controller responsible for personal data collected through this platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable Irish data protection law.

For any privacy-related queries, contact us at: privacy@workmate.ie

2. Data We Collect

Depending on how you use the platform, we may collect:

• Identity & contact: full name, email address, phone number (normalised to Irish +353 format).
• Location: Eircode, county, and service area preferences.
• Service history: jobs posted, quotes received, bookings made, reviews given and received.
• Payment information: payment is processed by Stripe. WorkMate does not store full card details — we hold only Stripe customer and payment intent references.
• Identity verification: documents uploaded for business registration and Safe Pass compliance checks.
• Usage data: browser type, IP address, pages visited, and session activity for security and platform improvement.

3. How We Use Your Data

• Delivering and operating the marketplace platform.
• Matching customers with suitable service providers.
• Processing payments and managing the Stripe Connect escrow/hold flow.
• Sending transactional emails (booking confirmations, alerts, receipts).
• Verifying provider identity, vetting status, and professional qualifications.
• Fraud prevention, risk scoring, and platform safety.
• Handling disputes and customer support requests.
• Meeting legal and regulatory obligations under Irish and EU law.

4. Legal Basis (GDPR Article 6)

• Contract performance (Art. 6(1)(b)): processing necessary to provide the service you have signed up for, including job posting, quoting, booking, and payment processing.
• Legitimate interests (Art. 6(1)(f)): fraud detection, platform security, improving our matching algorithms, and sending service-related communications.
• Consent (Art. 6(1)(a)): optional marketing communications and non-essential cookies (where applicable).
• Legal obligation (Art. 6(1)(c)): tax records, financial reporting, and compliance with Irish statutory requirements.

5. Data Sharing

We do not sell your personal data. We share data only with trusted processors required to operate the platform:

• Stripe — payment processing and Connect payouts (Stripe Inc., subject to Stripe's Privacy Policy).
• Resend — transactional email delivery. Sender address: notifications@workmate.ie.
• Supabase — database and file storage (hosted in EU region where available).
• Competent authorities — where required by Irish law, including the Revenue Commissioners and An Garda Síochána.

6. Data Retention

• Active accounts: data is retained for the duration of your account.
• Post-closure: financial records and transaction history are retained for 7 years after account closure to comply with Irish tax and accounting obligations.
• Identity documents: removed from active storage within 30 days of verification approval or as soon as possible after rejection.

7. Your Rights

Under GDPR you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — have inaccurate data corrected.
• Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Lodge a complaint — with the Data Protection Commission Ireland at www.dataprotection.ie.

To exercise any of these rights, email privacy@workmate.ie. We will respond within 30 days.

8. Cookies

WorkMate uses session cookies strictly necessary to keep you logged in and maintain your preferences. We do not place third-party advertising cookies. Analytics cookies, if used, are anonymised and subject to consent. You can manage cookie preferences via the consent banner displayed on your first visit.

9. International Data Transfers

• WorkMate primarily stores data within the EU (Supabase EU region).
• Some processors (Stripe, Sentry, Vercel) may transfer data to the United States.
• All international transfers are covered by Standard Contractual Clauses (SCCs) or EU adequacy decisions.
• Data Processing Agreements (DPAs) have been signed with all third-party processors.

10. Data Security

• Industry-standard encryption: TLS 1.2+ for data in transit, AES-256 for data at rest.
• Row Level Security (RLS) enforced on all database tables to ensure users can only access their own data.
• Regular security audits and penetration testing.
• Incident response within 72 hours as required by GDPR Article 33.
• Access controls and audit logging for all administrative actions.

11. Automated Decision-Making

• WorkMate uses automated risk scoring for fraud prevention purposes.
• Provider compliance scores are calculated automatically to support platform safety.
• No solely automated decisions are made that produce legal effects — human review is always available.
• You may request human review of any automated decision by contacting privacy@workmate.ie.

12. Children's Data

WorkMate is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we become aware that data has been collected from a minor, it will be deleted promptly. If you believe a child has provided us with personal data, please contact privacy@workmate.ie.

13. Data Protection Officer

Our Data Protection Officer can be contacted at dpo@workmate.ie for any data protection concerns or queries.

Supervisory authority: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland — www.dataprotection.ie.

14. Contact & Updates

For all privacy enquiries: privacy@workmate.ie. This policy was last updated in March 2026. We will notify registered users of material changes via email with at least 14 days' notice.